4626 matches found
CVE-2005-3299
PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array...
CVE-2005-3300
The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...
CVE-2005-3299
PHP file inclusion vulnerability in grabglobals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $redirect parameter, possibly involving the subform array...
CVE-2005-3300
The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...
[Full-disclosure] Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Local File Inclusion Vulnerability Release Date: 2005/10/22 Last Modified: 2005/10/22 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.6.4-p...
(1) Local file inclusion vulnerability and (2) Cross-Site Scripting vulnerability
PMASA-2005-5 Announcement-ID: PMASA-2005-5 Date: 2005-10-22 Updated: 2005-10-25 Summary 1 Local file inclusion vulnerability and 2 Cross-Site Scripting vulnerability Description We received a security advisory from Stefan Esser [email protected] about 1. We received a security advisory from...
GLSA-200510-16 : phpMyAdmin: Local file inclusion vulnerability
The remote host is affected by the vulnerability described in GLSA-200510-16 phpMyAdmin: Local file inclusion vulnerability Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affecte...
phpMyAdmin: Local file inclusion vulnerability
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected...
phpMyAdmin < 2.6.4-pl3 'usesubform' Parameter Remote File Inclusion
Binary data 3252.prm...
phpmyadmin -- local file inclusion vulnerability
A phpMyAdmin security announcement reports: In libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated, opening the door to a local file inclusion attack. We consider this vulnerability to be serious...
phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
The version of phpMyAdmin installed on the remote host allows attackers to read and possibly execute code from arbitrary files on the local host because of its failure to sanitize the parameter 'subform' before using it in the 'libraries/grabglobals.lib.php' script. %NASLMINLEVEL 70300 C Tenable...
phpMyAdminLocal.txt
--Boundary-00=A/oSDPpggmc0vcj Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpMyAdmin Local file inclusion 2.6.4-pl1 Author: Maksymilian Arciemowicz cXIb8O3 .18 Date: 10.10.2005 from SECURITYREASON.COM - --- 0.Descripti...
Local file inclusion vulnerability
PMASA-2005-4 Announcement-ID: PMASA-2005-4 Date: 2005-10-11 Summary Local file inclusion vulnerability Description In libraries/grabglobals.lib.php, the $$redirect parameter was not correctly validated, opening the door to a local file inclusion attack. Severity We consider this vulnerability to ...
[Full-disclosure] phpMyAdmin Local file inclusion 2.6.4-pl1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 phpMyAdmin Local file inclusion 2.6.4-pl1 Author: Maksymilian Arciemowicz cXIb8O3 .18 Date: 10.10.2005 from SECURITYREASON.COM - --- 0.Description --- phpMyAdmin 2.6.4 is a tool written in PHP intended to handle the administration of MySQL over the We...
phpMyAdmin 2.6.4-pl1 - Directory Traversal
!/usr/bin/perl use IO::Socket; SecurityReason.com TEAM Maksymilian Arciemowicz cXIb8O3 [email protected] Local file inclusion ./$FILE simple exploit phpMyAdmin 2.6.4-pl1 SecurityReason.com if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die "Error 404\r\n\r\n"; print $get...
phpMyAdmin 2.6.4-pl1 Remote Directory Traversal Exploit
Exploit for unknown platform in category web applications ======================================================= phpMyAdmin 2.6.4-pl1 Remote Directory Traversal Exploit ======================================================= !/usr/bin/perl use IO::Socket; SecurityReason.com TEAM Maksymilian...
phpMyAdmin 2.6.4-pl1 - Directory Traversal
phpMyAdmin 2.6.4-pl1 - Directory Traversal !/usr/bin/perl use IO::Socket; SecurityReason.com TEAM Maksymilian Arciemowicz cXIb8O3 [email protected] Local file inclusion ./$FILE simple exploit phpMyAdmin 2.6.4-pl1 SecurityReason.com if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort =...
CVE-2005-2869
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...
CVE-2005-2869
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...
CVE-2005-2869
CVE-2005-2869 (and related CVEs 2005-3300, 2005-3301) affect phpMyAdmin prior to certain fixed releases. The core issue is multiple cross-site scripting vulnerabilities in phpMyAdmin’s web interface (notably in the error page and cookie-based login, and in related components) that allow remote at...